Manage TLS (SSL) certificates

Last update: February 11 2025

Manage TLS (SSL) certificates

warning

We are discontinuing support for the Akamai provider. Creating new Akamai CDN resources is not available, existing Akamai resources will cease to function and will be deleted on May 1, 2025. We recommend switching to a Selectel provider now to avoid website outages. To connect Selectel CDN, please use the instructions in the following section Connect CDN.

TLS(SSL)-certificate is a unique digital signature of a website. TLS(SSL)-certificate is required for a secure connection between the client and the server (HTTPS protocol) when transmitting confidential information and conducting financial transactions.

Types of TLS(SSL) Certificates⁠

	Service	Let's Encrypt®	Personal
Providers	Akamai	Selectel	Selectel
Domains	Default domain	All CDN resource domains	Personal domains of the resource, which are specified in the certificate
Management	You can't control	You can't control	Disconnect Make active Delete
Update	Automatically	Automatically	Manually

Service Certificate⁠

A free service certificate is issued automatically for Akamai CDN resources and applies only to default domains. If you add a personal domain to the Akamai resource, content distribution will be done via HTTP only.

You cannot make changes to the operation of the service certificate.

Let's Encrypt® Certificate⁠

The Let's Encrypt® certificate is issued automatically when a Selectel CDN resource is created and applies to all Selectel CDNs. default domains и personal domains connected to the resource.

Let's Encrypt® certificate has the following properties:

• certificate cannot be disabled or deleted, only replaced by a personalized certificate;
• A CDN resource can have only one valid Let's Encrypt® certificate;
• the certificate does not need to be manually renewed, it is automatically reissued when it expires.

Read more about Let's Encrypt® certificate restrictions in the article Rate Limits Let's Encrypt® documentation.

Personalized certificate⁠

The personalized certificate covers personal domains Selectel resource that are specified in this certificate.

A CDN resource can have only one TLS(SSL) certificate active. If there are personal domains connected to the resource that are not specified in the certificate, content distribution through them will be performed only via HTTP.

If you remove the personal certificate, the resource is automatically issued for the resource Let's Encrypt® certificate.

Add a personalized certificate⁠

1. В control panels go to CDN → CDN resources.

2. Open the CDN resource page.

3. Open the tab Certificates.

4. Click Add a certificate.

5. Open the tab Personal.

6. Insert the certificate for the domain. It must begin with -----BEGIN CERTIFICATE----- and end -----END CERTIFICATE-----.

   If you need to add multiple certificates, make sure that all certificates (primary certificate for the domain, intermediate certificates, and root certificate) create a complete chain. Value Issuer of the main certificate must match the value of the Subject of the first intermediate certificate, the value of Issuer of the first intermediate certificate with Subject the second intermediate and so on.

7. Insert the private key. It must begin with -----BEGIN PRIVATE KEY----- and end -----END PRIVATE KEY-----.

8. Click Add a personal SSL certificate.